Privacy is considered a fundamental right of democracy and has been so interpreted in U.S. Supreme Court decisions. Individual privacy is defined as a human right by the United Nations. However, in the information age, personal privacy is being invaded and personal information is being misappropriated at an alarming rate. Information gatherers are reaching into families, homes and businesses taking whatever information they can, including individuals' credit files, transactions, and Internet activities. The attitude of the information gatherers is that collecting by any means is their business and they have nothing to apologize for to the individuals whose information they have taken. This information is then bought and sold, and used against the wishes and interests of the individuals from whom it was taken. The long-feared intrusive presence of “big brother” has arrived, but it turns out to be business “big brother” rather than government “big brother” who is pushing aside individuals' rights.
In the twelve months following Apr. 1, 2000, more than 1,000 major media articles have been written about the invasion of consumer privacy. The articles have well documented privacy abuses by banks, websites, credit-reporting agencies, web advertising agencies, data mining companies, on-line pharmacies, mortgage companies, grocery stores, Internet service providers, and the tracking and selling of Internet activities of school children, just to name a few. There have been class action lawsuits over privacy. The Federal Trade Commission has investigated Internet companies for privacy issues and credit-reporting agencies that have sold the confidential financial information of consumers. In 2001, there have been more than 50 major pieces of privacy legislation proposed at the state and federal level.
Despite the media attention and increasing public outcry, there is little protection of personal information. The existing state and federal laws are a thin patchwork which apply to specific instances and types of information, but which fall short of consistent or comprehensive protection of individuals' privacy. Consumer privacy laws have been frequently introduced at both the state and federal levels in the United States, but nearly all were stalled or killed by lobbyists. To confuse the public and disguise their intent, companies that gather, compile, and sell personal information have formed numerous trade associations that package themselves as “privacy organizations.” Yet, these are often the same companies that have blocked privacy legislation initiatives in Congress and state legislatures. The result is that laws which have been passed are often more favorable to privacy intrusion than to privacy protection.
For example, within the financial services industry, banks, insurers, credit card companies, and securities firms are mandated by the Gramm-Leach-Bliley Act (GLBA) to have a “privacy policy.” The privacy policy states how a company collects and uses your personal information. Under GLBA, financial services companies can collect, share, and sell all of the personal information they collect about their customers to nearly anyone or any company they define as an “affiliate” or within their “family” of companies. A family company is a subsidiary company or company linked to the parent company, such as an insurance company or brokerage firm. An “affiliate” can be a telemarketer, junk mailer or other companies seeking to sell products or services to the customers of the financial services company.
The information that the financial services company can share or sell under GLBA includes all financial information that bank customers gave the bank and all purchase information the bank has collected about them. This includes Social Security numbers, check and credit card transaction information, and accounts and transactions the bank customers have with other companies.
The GLBA law requires financial services companies to have a privacy policy that allows the consumer to “opt-out” of the sharing and selling of their personal information. However, if a customer uses the company-supplied opt-out form, GLBA allows financial service companies to “share” all of the customer's “non-public” information with other divisions, groups or subsidiaries of the parent company. This means that even if the customer chooses to opt-out, he or she can't opt-out.
Moreover, under GLBA, companies have the right to change their privacy policies at will. Some require consumers to send “opt-out” notices every year, or they are automatically re-enrolled in their programs that share and sell their data to others including telemarketers and direct mail companies.
Banks have acquired or merged with insurance companies and brokerage houses to cross-sell products from one company to another's customer base. In order to cross-sell products, they needed to share customers' personal financial information within their family of companies. GLBA was passed to allow them to do that.
The writing of corporate privacy policies and opt-out agreements has become a near art form for corporate lawyers. The art is in drafting a privacy policy that gives the consumer the illusion of privacy protection and the ability to opt out, but in reality does not. In fact, the whole objective of privacy policy writing is to do everything possible to ensure that the consumer does not opt out.
There are four types of privacy: informational privacy, privacy of communication, physical privacy, and physical space privacy. Informational privacy is the right to control one's private and personal information, which includes medical, financial, demographic, Internet activities, and other information that could be defined as personal. Privacy of communication is the right to conduct secure and private communications using the U.S. mail, e-mail, telephone, fax, or any other form of communications medium. Physical privacy is the right to protect yourself from another person physically touching you in a harmful or invasive manner. Physical space privacy is the right to define limits of intrusion into one's home, office space, and other areas where you may be located.
This invention is directed to protection of informational and communications privacy. Goals of informational and communications privacy include the rights of individuals:
to own their personal information, which includes financial, demographic, medical information, information about their Internet activities and actions
to control the access and use of their personal information by others
to prevent telemarketers, direct mailers, and other companies or individuals from contacting them without explicit permission
to choose who is allowed to know information about the individual, and the extent and terms for use of such information including compensation to the individual
to prevent identity theft, by closing down availability of personal information to unauthorized persons.
Much of the aggressive personal information gathering which is taking place is driven by the commercial interest in profiling individuals. The more that business knows about an individual's demographics, finances, and purchasing habits, as detailed in their profile, the more valuable the profile becomes. It has been estimated that the average profile is worth about $800 per household, per year, depending on the economics of the household. This number will increase to between $1,500 and $3,000 as technology allows more commercial messages to be directed at specific consumers (one-to-one marketing). The more information a company has compiled on a person, the greater is its ability to send specific messages to the person's household (target one-to-one marketing).
Most persons would be shocked to learn how much information businesses are collecting, buying and selling about them. This currently includes information about what websites an individual visits from their own home computer, which pages they see, and even how long each one is viewed. Companies also have access to records on the individual's finances, including stock holdings, and all personal check and credit card transactions. The temptation and financial inducement are great for those companies to sell all this information to profilers, as witnessed by recent news stories of major banks selling account holders' information to telemarketers. Banks, credit-reporting agencies, merchants, credit card companies, Internet companies, telecommunications companies, cable providers, and nearly everyone consumers do business with, are collecting, compiling, using, and selling personal information. Even a trip to the supermarket, if paid for by check or credit card, results in information being collected about specific foods and personal care items being purchased by the specific individual.
Faced with the current situation of legislative stalemate and electronic data-collection anarchy, individuals may feel there is little they can do against such pervasive, well-financed and well-connected information gathering businesses. Part of the problem is that individuals have been slow to realize how pervasive data collection has become and how bold the gatherers have become in their use of it. By and large, individuals have failed to assert ownership rights over their personal information, and as a result, companies have simply taken it as their own. The irony of the situation is that the companies claim that individuals do not own their own information, but as soon as the companies have collected it, the companies claim that they own it.
However, using the methodologies and technologies described herein, individuals can group together and collectively assert and protect their privacy rights. At some time in the future, consumers may be able to act individually.
Companies rely on consumers' complacency and failure to act in order to continue sharing and selling personal information. If a consumer does act to assert his or her privacy rights, the companies expect the consumer to act alone and under terms the company has defined. Such a consumer has little power to enforce his or her rights.
The balance of power quickly shifts, however, when consumers act together to impose their will upon corporations. Determination and the grouping together of large numbers of individuals have always had the power to change policies of governments and corporations. A pooled personal data rights organization can be used to assist individuals in asserting their privacy rights, and in enforcement actions, if necessary, against companies which continue to abuse privacy rights. In this scenario, it is the consumers who hold the power. Companies will have to decide whether they want the individuals as customers under privacy terms defined by their customers, or face the prospect of losing substantial numbers of customers.